PT-2021-4655 · Cisco · Cisco IOS XE

Published: 2021-09-22 · Updated: 2021-10-05 · CVE-2021-1625

CVSS v3.1: 5.8 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified)

Description: The issue lies in the Zone-Based Policy Firewall feature of Cisco IOS XE Software: access control restrictions are insufficient when Unified Threat Defense (UTD) or Application Quality of Experience (AppQoE) is configured. An unauthenticated, remote attacker could send ICMP or UDP packets to bypass security restrictions, which could cause traffic to be classified incorrectly or dropped. It could also produce incorrect reporting figures in high-speed logging (HSL).

Recommendations: For Cisco IOS XE Software, update to a version that includes the fix for this issue; Cisco has released software updates that address this vulnerability. As a temporary workaround, consider restricting access to the Zone-Based Policy Firewall feature until a patch is applied. Avoid using the Unified Threat Defense (UTD) or Application Quality of Experience (AppQoE) configurations in the Zone-Based Policy Firewall until the issue is resolved.

Fix

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2021-05348
CVE-2021-1625

Affected Products

Cisco IOS XE